Setting Up Single Sign On (SSO)
In order to configure SSO, you will need to be both:
- Datapeople Administrator: You have access to the Datapeople SSO settings page in our app.
- SSO Administrator: You can create an SSO App and can update the SSO configuration page.
From the app home page, navigate to Settings.
You can either Download the Datapeople Metadata file or copy the fields you need from this page.
Configure the connection in your SSO Provider
On the SSO setup page, click Start SSO Setup and you'll find the information needed to set up the connection in your SSO provider:
- The user’s unique IdP identifier should be mapped as “NameId” in the assertion.
- The SAML assertion should also include the following attributes, named exactly as below:
| Attribute Name | Contents |
|---|---|
| User email address | |
| firstName | User first name |
| lastName | User last name |
- ACS URL: Both the recipient and destination URL for this SSO connection, sometimes called reply URL.
- Metadata URL: The audience restriction URL inputs for this SSO connection
- User Login URL: A unique Datapeople login URL that will direct your users directly to your SSO authentication flow to log into Datapeople.
Note: your SSO Provider may have slightly different labels for the ACS and Metadata URL inputs.
Copy SSO Provider's IdP metadata back to Datapeople
Once you have configured the connection, keep your SSO Provider's IdP metadata on hand and return to Datapeople. Copy the following 3 items from your SSO Provider's IdP metadata into the Datapeople SSO Setup page and click Submit.
- Entity ID: Example: http://www.sso.com/sdi234uM5we8l1Md7
- SAML Location URL: Example: https://sso.com/app/companyname/sdi234uM5we8l1Md7/sso/saml
- Certificate: Usually labeled X509Certificate, beginning with "MII"
Make sure to only include the certificate contents, not the headers that say "Begin Certificate" and "End Certificate".
Adding User Groups to the SSO App
By default, most SSO providers will not allow any users to login to Datapeople. You can do two things:
- Change the default setting to allow access to all individuals in your organization. We recommend this if you have are also enabling an integration with your ATS or plan to include Hiring Managers in your workflows.
- Limit access to certain groups of users via SSO user groups. You should use the Assign users and groups flows in your provider's set up page.
Test Configuration and Make SSO Mandatory
After adding the user group and ensuring you are in it, click Test Configuration. This will redirect you to authenticate with your SSO provider to confirm the connection is working.
This button will not appear until you submit your IdP Metadata details.
17. Once you successfully test an SSO login using the Test Configuration button, you will see a new option in the Datapeople SSO page that is Enable Mandatory SSO.
Toggle the button to Enabled so that Datapeople will automatically redirect users to your SSO provider to log in if anyone tries to sign in to Datapeople with an email listed on your SSO Setup page (those that are associated with your organization).
FAQs
What SSO providers are supported by Datapeople?
Any SAML-based SSO provider.
Does Datapeople support auto-provisioning users via SSO?
No.
Does Datapeople support IdP (Identity Provider) initiated or SP (Service Provider) initiated connections?
Both. Users may log in directly from your Identity Provider's portal, and if they attempt to log in to Datapeople with an email address that has a domain listed on your SSO Setup page, we will direct them to the IdP to authenticate.